[00:14] Hey, I am running Ubuntu Server 14.04 LTS, we require Apache version > 2.4.10 current in apt I only get 2.4.7-1ubuntu4.9. How can I install Apache>2.4.10 via apt? or is this not possible? [00:15] tdelam: is there a specific 2.4.10 feature you require? [00:15] tdelam: 16.04 ships with Apache 2.4.18 [00:16] tarpman: PCI compliance :/ [00:16] mv compliance annoyance [00:16] sdeziel: oh? [00:16] tdelam: out of curiosity, why is PCI requiring a specific version for Apache? [00:17] sdeziel: I've been through this already, they're idiots, sorry, but it's frustrating. I showed them all CVE's for the current Apache and how their concerns are already patched in this current version [00:17] in one ear and out the other. [00:17] oh [00:18] yep. [00:18] is it safe to go from 14.04 to 16.04/ [00:18] ?* [00:18] last time I had to mess with PCI, they were asking for TLS 1.2 but they didn't care about software versions [00:18] yea, quite annoying [00:19] tdelam: the distro upgrade isn't yet offered/supported but you can do a fresh install if that's feasible [00:19] 16.04 is pretty new (got released yesterday) but I've been happily running it since months and love it [00:20] I'd have to reconfigure the server, took a lot to get to the current state and passing PCI. This recently came up so I am trying to do this upgrade [00:20] tdelam: how do those PCI auditors deal with RHEL boxen? those ship ancient apache (httpd) versions [00:20] It sounds like I'll need to reinstall apache from source if I can't find a repository for it. [00:21] sdeziel: I don't know, heh.. they'll be lost [00:21] tdelam: maybe switching to nginx would be an easy out? [00:23] no, this is a bandaid solution. This server is actually a proxy server with mod_security rules configured specifically for this site, which was built in 1996 and neglected... It's a bandaid while we rebuild a new one. [00:23] Funny thing is, the company is absolutely massive, how it ever got this state we'll never know. =/ [00:25] tdelam: Ondřej Surý has a PPA with fresh Apache: https://launchpad.net/~ondrej/+archive/ubuntu/apache2?field.series_filter=trusty [00:27] :o [00:28] this may be what I need! [00:29] as always with PPA, be careful :) [00:29] tdelam: maybe your auditors can be convinced with this instead? http://people.canonical.com/~ubuntu-security/cve/pkg/apache2.html [00:29] ondrej is decently trustworthy, as ppas go [00:29] I trust Ondřej but I never tested this PPA personally [00:30] tdelam: .. and out of curiosity, do they perchance also sell services to keep self-compiled apache up to date? :) [00:30] sarnold: I tried :( [00:30] sarnold: hah no, only internet, tv, phone, mobility, etc [00:30] hah [00:31] I've got a feeling the only people who run self-compiled apache are (a) clients of pci compliance firms (b) apache developers [00:32] yea, if this doesn't work then I'll be doing that next, rebuilding all modules too, probably a pain [00:32] I run lots of self-compiled apache at work. If you actually care about tracking the latest version, it's a pretty easy thing to script the usual configure-make-install for it [00:33] Less so if you depend on more than one or two separate modules, granted [00:33] feels a bit like Gentoo at this point ;) [00:33] heh [00:34] heh okay (a) clients of pci firms (b) apache devs (c) maxb :D [00:37] tdelam: looking at the 2.4.10 changelog, I'm not sure what they want specifically? The ability to use large DH params? [00:40] sdeziel: nope, not feature specfic either, just version; nothing more... it makes no sense, I have pleaded my case and provided many CVE's that clearly show that our current Apache version addresses ALL their issues. [00:41] they rather spend more money on us upgrading to the latest than reading the CVE's provided [00:41] like the old saying goes; more money than brains. [00:41] oh well [00:41] I wonder, sometimes you hear about pci firms that can be convinced "running most recent packaged version" is sufficient; maybe we ought to go to some effort to promote them and publicly chastise the ones that want you to compile and run the webserver yourself [00:43] sdeziel: thanks, this solved the problem. I now have 2.4.20 installed [00:43] sarnold: yea, I don't even know either. [00:43] tdelam: thank Ondřej then :) [00:44] it's bonkers. Why would a PCI place want you to run non-stable software when clearly the stable version consists of the patches that they're concerned about. [00:44] I mean, all due respect to ondrej, but you've just gone from running a package that's potentially reviewed by millions to a package potentially reviewed by hundreds; and from "ubuntu security team fixes bugs" to "ondrej fixes bugs" [00:44] trying to understand their logic is probably drive you insane [00:44] sdeziel: I will donate some money to him, he has a link on the link you gave me. [00:44] indeed [00:45] sarnold: exactly my point :/ so weird [00:46] they're so enamoured with a version number that they're probably not even considering the fact that 2.4.20 might have issues, unknown security issues. [00:46] the safest way might be to patch the Ubuntu sources to s/2.4.7/2.4.10/ [00:47] but I wouldn't risk cheating like that [00:48] yea, I am ok with this, 2.4.20. Fine by me, if they want to downgrade yet again they'll send thousands our way again and mayb realize the stupidty with this [00:48] restore from an image, and rinse repeat. [00:48] so silly. [00:50] . [00:50] woops [00:51] hmmm https://deb.sury.org/pages/ No such thing as that, sorry Page Not Found. I can't donate :/ [00:52] found it [00:54] thanks for all your help guys [00:54] you are welcome [02:38] Anyone having a problem with Ubuntu Server 16.04 booting to a blank screen? I can manually switch to tty[1-6], but it would be nice if it would boot to one of them [04:18] how to disbale apt-check? [04:21] no response? [04:33] 483 people and anyone know about that? === athairus is now known as afkthairus [08:38] I have a VPS with Ubuntu Server, and am running a few websites on it. The host says I exceed theyre CPU load policy / CPU abuse, according to them the values are as following: We allow a CPU load average of no more than 0.9 constant and bursts up to 2. You regularly exceed this. [08:38] Should I switch to another VPS? or offload some websites of this VPS to anothre VPS? [08:38] Also, how can I determine which website is causing the high cpu load most likely? [09:09] 11:07:34 up 20:30, 1 user, load average: 8.07, 7.52, 7.25 [09:09] Im obviously doing somthing wrong, but not sure what processes are causing such an high cpu load [09:10] my apache seems to be always on top of the list in process usage [11:27] Ciao a tutti from Italy. I installed on my ubuntu mate apache2 but i cannot create a folder or a document in the var/www folder. can anybody help me? thank you ... grazie [12:05] fm76_italy_ba, apache2 is running with UID www-data; you might want to check the permissions [12:09] I'm a newbie about linux are you willing to help me step by step? also in PM === Piper-Off is now known as Monthrect [15:12] so I have USERGROUPS enabled in login defs, the default umask is 022 which gets relaxed to 002, however when I sudo -i the umask for root is still 022, why is that? === afkthairus is now known as athairus === JanC_ is now known as JanC [17:52] When using conjure-up to deploy openstack on a single node, it keep telling me lxd is not configured when using a created bridge (`br0`) and launching `sudo lxd init` like in this blog post: https://insights.ubuntu.com/2015/11/10/converting-eth0-to-br0-and-getting-all-your-lxc-or-lxd-onto-your-lan/ [17:53] Anyone having done something similar at home? [17:57] I am from an SME in the Maldives. I want to deploy a Ubuntu-OpenStack setup with 5 x virtual nodes for openStack components, 5 x physcal nodes for compute (nova) and 2 x HP iSCSI storage. So, will the Ubuntu Advantage **Essentials** subscription allow me to do this? [18:57] how do I use php fpm?!? what do I have to add to my VirtualHost section in apache2 [19:21] h [19:21] hello folks [19:21] are there known issues with the phpmyadmin package on 16.04? === KnownSyntax_ is now known as KnownSyntax